Digital Marketing and Analytics Company Files Lawsuit Against FTC for Alleged Privacy Breach

A lawsuit has been filed against the Federal Trade Commission by an Idaho-based digital marketing and analytics firm, which allegedly violated the Federal Trade Commission (FTC) Act with its data practices.

Kochava’s core business unit provides mobile advertising attribution through customizable software tools, which are provided under the software-as-a-service model. The software enables its clients to get data points and analytics for digital marketing campaigns and applications. The second business unit is an aggregator of third-party mobile device data, which Kochava makes available through its data marketplace, the Kochava Collective.

Following the Supreme Court’s decision to overturn Wade v. Roe, privacy advocates have expressed concern about the potential for data brokers and law enforcement in some states to collect information about people who visit reproductive health clinics to seek advice on abortions . Shortly after the Supreme Court decision, the FTC announced its commitment to fully enforce the law against the unlawful use and sharing of highly sensitive data, such as the collection and use of consumer location data and illegal privacy practices regarding reproductive health data.

The Kochava Collective provides data feeds and audience targeting to clients for marketing purposes. The FTC alleges that the Kochava collective provides precise geolocation data associated with mobile advertising identifiers (MAID), which means it is possible to identify and track consumers when they visit sensitive places such as clinics. reproductive health, therapists’ offices, medical facilities and addictions. recovery centers. The FTC also alleges that the data is timestamped so that it is possible to tell exactly when an individual has visited a location and that there are no technical controls in place to prohibit Kochava customers from tracking consumers when they visit these locations. Collecting latitude and longitude, IP address, and mobile advertising ID information associated with consumer devices is a violation of FTC law, according to the FTC, which is seeking a permanent injunction against Kochava to prevent future violations of FTC law.

3 Steps to HIPAA Compliance

Please check the HIPAA log
privacy policy

  • Step 1: Download the checklist.
  • Step 2: Review your business.
  • Step 3: Get in compliance!

The HIPAA Journal Compliance Checklist provides the top priorities for your organization to become fully HIPAA compliant.

Kochava denies that its data can be used by its customers to identify and track individuals and claims the FTC has misunderstood the services it provides. Kochava argues that even if the FTC is correct about collecting latitude and longitude, IP addresses, and MAIDS associated with consumer devices, these data elements are not received until a few days later, and the Specific locations and consumers associated with MAIDs are unrelated. . Further, Kochava explains in the lawsuit that the FTC is wrong to believe that there are no technical controls in place to prevent its clients from tracking consumers when they visit sensitive locations. Kochava said it introduced a new feature on August 10, 2022, called Privacy Block, which allows its customers to opt out of the collection of sensitive location data such as visits to healthcare providers.

Kochava argues that it “acts consistently and proactively in compliance with all rules and laws, including those specific to privacy,” and that the FTC has threatened the company with a lawsuit in district court. and a proposed settlement when the lawsuit and settlement are based on inaccurate information. Kochava also alleges that the FTC is overstepping its legal authority to enforce FTC law and is attempting to scapegoat the company in order to set precedent in the ad tech industry. Kochava is suing to get the federal court in Idaho to intervene.